[GROOVY-6456] AbstractHttpServlet.applyResourceNameMatcher race condition - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.3.0-beta-1
Component/s: Groovlet / GSP
Labels:
- breaking

Description

groovy.servlet.AbstractHttpServlet#applyResourceNameMatcher uses java.util.regex.Matcher object in this way:

matcher.reset(uri);

but Matcher is NOT ThreadSafe!

javadoc:
Instances of this class are not safe for use by multiple concurrent threads.

Pattern class IS thread safe.

stacktrace from bug demo
2013-12-01 23:36:50.009:WARN:oejs.ServletHandler:/1Test.groovy
java.lang.IndexOutOfBoundsException: start 0, end -1, s.length() 14
at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:476)
at java.lang.StringBuffer.append(StringBuffer.java:309)
at java.util.regex.Matcher.appendReplacement(Matcher.java:839)
at java.util.regex.Matcher.replaceAll(Matcher.java:906)
at groovy.servlet.AbstractHttpServlet.applyResourceNameMatcher(AbstractHttpServlet.java:303)
at groovy.servlet.AbstractHttpServlet.getScriptUri(AbstractHttpServlet.java:290)
at groovy.servlet.GroovyServlet.service(GroovyServlet.java:105)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AbstractHttpServlet.java
02/Dec/13 07:10
17 kB
AbstractHttpServlet.perf.java
03/Dec/13 09:30
17 kB
groovyServlet_MatcherBug.zip
01/Dec/13 13:40
1 kB

Activity

People

Assignee:: Jochen Theodorou

Reporter:: Andrew P Fink

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 27/Nov/13 13:15

Updated:: 05/Apr/14 00:00

Resolved:: 13/Jan/14 09:27